chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
f7f4ccc
)
selinux: rework selinux tests a little
author
Lennart Poettering
<lennart@poettering.net>
Tue, 3 Aug 2010 23:07:38 +0000
(
01:07
+0200)
committer
Lennart Poettering
<lennart@poettering.net>
Tue, 3 Aug 2010 23:07:38 +0000
(
01:07
+0200)
src/util.c
patch
|
blob
|
history
diff --git
a/src/util.c
b/src/util.c
index 8fec44eb068e31df60cf666af325de3b90471415..39dca0d4587ffdea104964a078be4e133506b017 100644
(file)
--- a/
src/util.c
+++ b/
src/util.c
@@
-100,12
+100,15
@@
int label_init(void) {
int r = 0;
#ifdef HAVE_SELINUX
int r = 0;
#ifdef HAVE_SELINUX
- if (use_selinux()) {
- label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
- if (!label_hnd) {
- log_full(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG, "Failed to initialize SELinux context: %m");
- r = (security_getenforce() == 1) ? -errno : 0;
- }
+
+ if (!use_selinux())
+ return 0;
+
+ label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+ if (!label_hnd) {
+ log_full(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG,
+ "Failed to initialize SELinux context: %m");
+ r = (security_getenforce() == 1) ? -errno : 0;
}
#endif
}
#endif
@@
-114,26
+117,30
@@
int label_init(void) {
int label_fix(const char *path) {
int r = 0;
int label_fix(const char *path) {
int r = 0;
+
#ifdef HAVE_SELINUX
struct stat st;
security_context_t fcon;
#ifdef HAVE_SELINUX
struct stat st;
security_context_t fcon;
- if (use_selinux()) {
- r = lstat(path, &st);
- if (r == 0) {
-
r = selabel_lookup_raw(label_hnd, &fcon, path, st.st_mode)
;
+ if (!use_selinux())
+
return 0
;
- if (r == 0) {
- r = setfilecon(path, fcon);
- freecon(fcon);
- }
- }
- if (r < 0) {
- log_error("Unable to fix label of %s: %m", path);
- r = (security_getenforce() == 1) ? -errno : 0;
+ r = lstat(path, &st);
+ if (r == 0) {
+ r = selabel_lookup_raw(label_hnd, &fcon, path, st.st_mode);
+
+ if (r == 0) {
+ r = setfilecon(path, fcon);
+ freecon(fcon);
}
}
}
}
+ if (r < 0) {
+ log_full(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG,
+ "Unable to fix label of %s: %m", path);
+ r = (security_getenforce() == 1) ? -errno : 0;
+ }
#endif
#endif
+
return r;
}
return r;
}
@@
-143,18
+150,21
@@
void label_finish(void) {
if (use_selinux())
selabel_close(label_hnd);
#endif
if (use_selinux())
selabel_close(label_hnd);
#endif
-
}
}
-int label_get_socket_label_from_exe(
- const char *exe,
- char **label) {
+int label_get_socket_label_from_exe(const char *exe, char **label) {
+
int r = 0;
#ifdef HAVE_SELINUX
security_context_t mycon = NULL, fcon = NULL;
security_class_t sclass;
int r = 0;
#ifdef HAVE_SELINUX
security_context_t mycon = NULL, fcon = NULL;
security_class_t sclass;
+ if (!use_selinux()) {
+ *label = NULL;
+ return 0;
+ }
+
r = getcon(&mycon);
if (r < 0)
goto fail;
r = getcon(&mycon);
if (r < 0)
goto fail;
@@
-169,7
+179,7
@@
int label_get_socket_label_from_exe(
log_debug("SELinux Socket context for %s will be set to %s", exe, *label);
fail:
log_debug("SELinux Socket context for %s will be set to %s", exe, *label);
fail:
- if (r< 0 && security_getenforce() == 1)
+ if (r
< 0 && security_getenforce() == 1)
r = -errno;
freecon(mycon);
r = -errno;
freecon(mycon);
@@
-184,19
+194,21
@@
int label_fifofile_set(const char *label, const char *path) {
#ifdef HAVE_SELINUX
security_context_t filecon = NULL;
#ifdef HAVE_SELINUX
security_context_t filecon = NULL;
- if (use_selinux() && label) {
- if (((r = label_get_file_label_from_path(label, path, "fifo_file", &filecon)) == 0)) {
- if ((r = setfscreatecon(filecon)) < 0) {
- log_error("Failed to set SELinux file context (%s) on %s: %m", label, path);
- r = -errno;
- }
- freecon(filecon);
+ if (!use_selinux() || !label)
+ return 0;
+
+ if (((r = label_get_file_label_from_path(label, path, "fifo_file", &filecon)) == 0)) {
+ if ((r = setfscreatecon(filecon)) < 0) {
+ log_error("Failed to set SELinux file context (%s) on %s: %m", label, path);
+ r = -errno;
}
}
- if (r < 0 && security_getenforce() == 0)
- r = 0;
+ freecon(filecon);
}
}
+
+ if (r < 0 && security_getenforce() == 0)
+ r = 0;
#endif
return r;
#endif
return r;
@@
-205,8
+217,13
@@
int label_fifofile_set(const char *label, const char *path) {
int label_socket_set(const char *label) {
#ifdef HAVE_SELINUX
int label_socket_set(const char *label) {
#ifdef HAVE_SELINUX
- if (use_selinux() && setsockcreatecon((security_context_t) label) < 0) {
- log_error("Failed to set SELinux context (%s) on socket: %m", label);
+ if (!use_selinux())
+ return 0;
+
+ if (setsockcreatecon((security_context_t) label) < 0) {
+ log_full(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG,
+ "Failed to set SELinux context (%s) on socket: %m", label);
+
if (security_getenforce() == 1)
return -errno;
}
if (security_getenforce() == 1)
return -errno;
}
@@
-218,31
+235,31
@@
int label_socket_set(const char *label) {
void label_file_clear(void) {
#ifdef HAVE_SELINUX
void label_file_clear(void) {
#ifdef HAVE_SELINUX
- if (use_selinux())
- setfscreatecon(NULL);
-#endif
+ if (!use_selinux())
+ return;
- return;
+ setfscreatecon(NULL);
+#endif
}
}
-void label_
free(const char *label
) {
+void label_
socket_clear(void
) {
#ifdef HAVE_SELINUX
#ifdef HAVE_SELINUX
- if (use_selinux())
- freecon((security_context_t) label);
-#endif
+ if (!use_selinux())
+ return;
- return;
+ setsockcreatecon(NULL);
+#endif
}
}
-void label_
socket_clear(void
) {
+void label_
free(const char *label
) {
#ifdef HAVE_SELINUX
#ifdef HAVE_SELINUX
- if (use_selinux())
- setsockcreatecon(NULL);
-#endif
+ if (!use_selinux())
+ return;
- return;
+ freecon((security_context_t) label);
+#endif
}
static int label_mkdir(
}
static int label_mkdir(